Active Directory Services with Windows Server

Description

Get hands on practice administering Active Directory technologies in Windows Server 2012 and Windows Server 2012 R2 in Active Directory Services with Windows Server! In this 5-day Instructor-led Microsoft Official Course, you will learn the skills you need to better manage and protect data access and information, simplify deployment and management of your identity infrastructure, and provide more secure access to data from virtually anywhere. You will learn how to configure some of the key features in Active Directory such as Active Directory Domain Services, Group Policy, Dynamic Access Control, Work Folders, Workplace Join, Certificate Services, Rights Management Services and Federation Services, as well as integrating your on premise environment with cloud based technologies such as Windows Azure Active Directory. As part of the learning experience, you will perform hands-on exercises in a virtual lab environment.

Key Active Directory Services with Windows Server Takeaways:

Understand available solutions for identity management and be able to address scenarios with appropriate solutions.

Deploy and administer AD DS in Windows Server 2012.

Secure AD DS deployment

Implement AD DS sites, configure and manage replication

Implement and manage Group Policy

Manage user settings with Group Policy

Implement certification authority (CA) hierarchy with AD CS and how to manage CAs.

Implement, deploy ad manage certificates.

Implement and manage AD RMS.

Implement and administer AD FS.

Secure and provision data access using technologies such as Dynamic Access Control, Work Folders and Workplace Join

Monitor, troubleshoot and establish business continuity for AD DS services.

Outline

Module 1: Overview of Access and Information Protection

This module provides an overview of multiple Access and Information Protection (AIP) technologies and services what are available with Windows Server 2012 and Windows Server 2012 R2 from a business perspective and maps business problems to technical solutions. It also includes coverage of Forefront Identify Manager (FIM).

Lessons

Introduction to Access and Information Protection Solutions in Business

This module describes the threats to domain controllers and what methods can be used to secure the AD DS and its domain controllers.

Lessons

Securing Domain Controllers

Implementing Account Security

Implementing Audit Authentication

Lab : Securing Active Directory Domain Services

Implementing Security Policies for Accounts and Passwords and Administrative Groups

Deploying and Configuring a RODC

After completing this module, students will be able to:

Understand the importance of securing domain controllers.

Describe the benefit of read-only domain controllers (RODCs).

Explain and implement password and account lockout policies.

Implement audit authentication.

Module 4: Implementing and Administering AD DS Sites and Replication

This module explains how AD DS replicates information between domain controllers within a single site and throughout multiple sites. This module also explains how to create multiple sites and how to monitor replication to help optimize AD DS replication and authentication traffic.

This module describes certificate usage in business environments and explains how to deploy and manage certificates, configure certificate templates and manage enrolment process. This module also covers the deployment and management of smart cards.

Lessons

Using Certificates in a Business Environment

Deploying and Managing Certificate Templates

Managing Certificates Deployment, Revocation, and Recovery

Implementing and Managing Smart Cards

Lab : Deploying and Using Certificates

Configuring Certificate Templates

Enrolling and using certificates

Configuring and Implementing Key Recovery

After completing this module, students will be able to:

Use certificates in business environments.

Deploy and manage certificate templates.

Manage certificates deployment, revocation and recovery.

Implement and manage smart cards.

Module 9: Implementing and Administering AD RMS

This module introduces Active Directory Rights Management Services (AD RMS). It also describes how to deploy AD RMS, how to configure content protection, and how to make AD RMS–protected documents available to external users.

Lessons

Overview of AD RMS

Deploying and Managing an AD RMS Infrastructure

Configuring AD RMS Content Protection

Configuring External Access to AD RMS

Lab : Implementing an AD RMS Infrastructure

Install and Configure AD RMS

Configure AD RMS Templates

Verifying AD RMS on Clients

Configure AD RMS Monitoring and Reporting

After completing this module, students will be able to:

Describe AD RMS.

Explain how to deploy and manage an AD RMS infrastructure.

Explain how to configure AD RMS content protection.

Explain how to configure external access to AD RMS.

Module 10: Implementing and Administering AD FS

This module explains AD FS, and then provides details on how to configure AD FS in both a single organization scenario and in a partner organization scenario. This module also describes the Web Application Proxy feature in Windows Server 2012 R2 that functions as an AD FS proxy and reverse proxy for web-based applications.

Lessons

Overview of AD FS

Deploying AD FS

Implementing AD FS for a Single Organization

Deploying AD FS in a Business-to-Business Federation Scenario

Extending AD FS to External Clients

Lab : Implementing AD FS

Installing and Configuring AD FS

Configure an Internal Application for AD FS

Configuring AD FS for a Federated Business Partner

Configuring Web Application Proxy

After completing this module, students will be able to:

Describe AD FS.

Explain how to configure the AD FS prerequisites, and deploy AD FS services.

Describe how to implement AD FS for a single organization.

Deploy AD FS in a business-to-business federation scenario.

Deploy the Web Application Proxy.

Module 11: Implementing Secure Shared File Access

This module explains how to use Dynamic Access Control (DAC), Work Folders, Work place Join and how to plan and implement these technologies.

Lessons

Overview of Dynamic Access Control

Implementing DAC Components

Implementing DAC for Access Control

Implementing Access Denied Assistance

Implementing and Managing Work Folders

Implementing Workplace Join

Lab : Implementing Secure File Access

Preparing for DAC Deployment

Implementing DAC

Validating and Remediating DAC

Implementing Work Folders

After completing this module, students will be able to:

Describe DAC.

Implement DAC components.

Implement DAC for access control.

Implement access-denied assistance.

Implement and manage Work Folders.

Implement Workplace Join.

Module 12: Monitoring, Managing, and Recovering AD DS

This module explains how to use tools that help monitor performance in real time, and how to record performance over time to spot potential problems by observing performance trends. This module also explains how to optimize and protect your directory service and related identity and access solutions so that if a service does fail, you can restart it as quickly as possible.

Lessons

Monitoring AD DS

Managing the AD DS Database

AD DS Backup and Recovery Options for AD DS and Other Identity and Access Solutions

Lab : Monitoring AD DS

Monitoring AD DS with Performance Monitor

Lab : Recovering Objects in AD DS

Backing Up and Restoring AD DS

Recovering Objects in AD DS

After completing this module, students will be able to:

Monitor AD DS.

Manage the AD DS database.

Recover objects from the AD DS database.

Module 13: Implementing Windows Azure Active Directory

This module explains the concepts and technologies in Windows Azure Active Directory and how to implement and integrate it within your organization

PreRequisites

Experience working in a Windows Server infrastructure enterprise environment.

Experience working with and troubleshooting core networking infrastructure technologies such as name resolution, IP Addressing, Domain Name System (DNS) and Dynamic Host Configuration Protocol (DHCP).

Experience with Hyper-V and Server Virtualization concepts.

An awareness and understanding of general security best practices.

Experience working hands on with Windows Client operating systems such as Windows Vista, Windows 7 or Windows 8.

Audience

This course is intended for Information Technology (IT) professionals who have Active Directory Domain Services (AD DS) experience and are looking for a single course that will further develop knowledge and skills using Access and Information Protection technologies in Windows Server 2012 and Windows Server 2012 R2. This would typically include:

AD DS administrators who are looking to further develop skills in the latest Access and Information Protection technologies with Windows Server 2012 and Windows Server 2012 R2.

System or Infrastructure administrators with general AD DS experience and knowledge who are looking to build upon that core knowledge and cross-train into advanced Active Directory technologies in Windows Server 2012 and Windows Server 2012 R2

IT Professionals who have taken the 10967A: Fundamentals of a Windows Server Infrastructure course and are looking to build upon that Active Directory knowledge.